Overview

overview

7

Static

static

PO- 8#2020...st.exe

windows7_x64

7

PO- 8#2020...st.exe

windows10_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO- 8#2020 MOH-9SP171 Al Hafez Trading Est.exe

  • Size

    1.4MB

  • Sample

    200624-s69f2ddzke

  • MD5

    2a01e9341cafcacd5ebf167e7b5ecfb8

  • SHA1

    2cd34b7d163e3f9a3a823e0827a774fbc6ef3810

  • SHA256

    f47aaf13e037fe6f249ef301908feb6c47825a75bf6f13075e9775de78dd2e6a

  • SHA512

    886ea9b562ffdaa39e102830403bbc2c45615353474ab0e9b33a83e1a09b7b7d0a110ee54b57a4b83d84ad812efedd7fcc1c9a11c31e597a4bc07141d310c0d5

Score
7/10
spyware

Malware Config

Targets

    • Target

      PO- 8#2020 MOH-9SP171 Al Hafez Trading Est.exe

    • Size

      1.4MB

    • MD5

      2a01e9341cafcacd5ebf167e7b5ecfb8

    • SHA1

      2cd34b7d163e3f9a3a823e0827a774fbc6ef3810

    • SHA256

      f47aaf13e037fe6f249ef301908feb6c47825a75bf6f13075e9775de78dd2e6a

    • SHA512

      886ea9b562ffdaa39e102830403bbc2c45615353474ab0e9b33a83e1a09b7b7d0a110ee54b57a4b83d84ad812efedd7fcc1c9a11c31e597a4bc07141d310c0d5

    Score
    7/10
    spyware

    • Drops startup file

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spyware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks